(1) Field of the Invention
The present invention relates to a method for authenticating and executing a program, for checking the credibility of a downloaded program, and executing the program for which credibility has been authenticated.
(2) Description of the Related Art
The function in a digital television of downloading a program and checking/guaranteeing the credibility of such program is described in the DVB-MHP specification “ETSI TS 101 812 V1.2.1 DVB-MHP Specification 1.0.2”, Japanese Translation of PCT International Application (Tokuhyo) 2002-508624, and so on. These include functions for verifying that a program superimposed on broadcast waves being received has not been tampered, and verification as to whether such program is issued by a reliable organization. With this, it is possible to prevent the activation of a rewritten program which operates differently from the original, a program belonging to a spoofing third party, and so on, which would inflict damage on a digital television.
Hereinafter, the act of confirming the credibility of such programs shall be referred to as authentication.
Aside from a program superimposed on broadcast waves being received, the DVB-MHP Specification “ETSI TS 101.812 V1.2.1 DVB-MHP Standard 1.0.2” also considers the downloading, via a network such as the Internet, and verification of a program located in a server.
However, unlike the case of a program downloaded through conventional broadcast waves, the case of downloading via a network can bring about a security problem. The security problem mentioned here refer to the possibility that a file which makes up a program used in the authentication of a program (subsequently referred to as configuration file) and a configuration file of a program used when a program is activated on a terminal apparatus may be different for one or all files. This is the case when, after a terminal apparatus downloads the configuration file of a program from a server and authenticates it, the configuration file of the program located in the server is tampered with. When the configuration file is tampered with and subsequently re-downloaded by the terminal apparatus, the program structured from such configuration file can no longer be used normally.
Furthermore, there exists a technology for putting together several files as one in a file format called JAR (Java Archive) which is based on the well known ZIP file format. Using such technology, file size is compressed and the time required for downloading can be shortened, compared to when JAR is not used. However, when JAR is used in cases where data located in the server is updated frequently, JAR format files have to be remade every time data is updated. This casts a burden on the server and there are cases where it is not desirable. For example, the case of a server providing a program using stock price information falls under this category as information on stock prices and the like constantly change in real-time.
In view of the aforementioned problem, an authentication apparatus such as a digital television, and so on is required, which guarantees the credibility of a program downloaded, via a network, from a server in which files and directories are arranged in a hierarchical structure without the use of files represented in the JAR format.